Need help troubleshooting error 0x7780

I am trying to download binary files from Amazon S3 bucket. I have two test URLs.

  1. From S3 bucket directly
    2)From S3 bucket behind Amazon Cloud Front

Both of these links work with Google Chrome on my Win 10 machine.

However, from my embedded device, the 1st link downloads successfully. The 2nd link triggers the server side disconnect, resulting MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE. I can see this from Wireshark capture.

On the other thread about this error, Ron pointed out the cipher suites presented to the server may not be adequate. I think my problem is different. I have the cipher suite MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and it is listed in the Amazon Cloud Front.

Level 3 Debug Output:

HTTPS_TLS_OPEN
…/mbedtls_lib/ssl_tls.c:6647: => handshake
…/mbedtls_lib/ssl_cli.c:3321: client state: 0
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:3321: client state: 1
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:0730: => write client hello
…/mbedtls_lib/ssl_cli.c:0768: client hello, max version: [3:3]
…/mbedtls_lib/ssl_cli.c:0777: dumping ‘client hello, random bytes’ (32 bytes)
…/mbedtls_lib/ssl_cli.c:0777: 0000: d9 2c 50 b7 39 fe e7 90 20 78 28 85 21 15 ee cc .,P.9… x(.!..
…/mbedtls_lib/ssl_cli.c:0777: 0010: a0 44 52 10 ac 49 7d 12 6a d3 57 97 ea 72 dc 14 .DR…I}.j.W…r…
…/mbedtls_lib/ssl_cli.c:0830: client hello, session id len.: 0
…/mbedtls_lib/ssl_cli.c:0831: dumping ‘client hello, session id’ (0 bytes)
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 002f
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 003c
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 0035
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 003d
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 0033
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 0067
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 0039
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 006b
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 009c
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: 009e
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: c02f
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: c023
…/mbedtls_lib/ssl_cli.c:0898: client hello, add ciphersuite: c02b
…/mbedtls_lib/ssl_cli.c:0931: client hello, got 14 ciphersuites
…/mbedtls_lib/ssl_cli.c:0962: client hello, compress len.: 1
…/mbedtls_lib/ssl_cli.c:0964: client hello, compress alg.: 0
…/mbedtls_lib/ssl_cli.c:0189: client hello, adding signature_algorithms extension
…/mbedtls_lib/ssl_cli.c:0274: client hello, adding supported_elliptic_curves extension
…/mbedtls_lib/ssl_cli.c:0339: client hello, adding supported_point_formats extension
…/mbedtls_lib/ssl_cli.c:0521: client hello, adding encrypt_then_mac extension
…/mbedtls_lib/ssl_cli.c:0555: client hello, adding extended_master_secret extension
…/mbedtls_lib/ssl_cli.c:0588: client hello, adding session ticket extension
…/mbedtls_lib/ssl_cli.c:1038: client hello, total extension length: 68
…/mbedtls_lib/ssl_tls.c:2727: => write record
…/mbedtls_lib/ssl_tls.c:2873: output record: msgtype = 22, version = [3:1], msglen = 141
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2461: message length: 146, out_left: 146
…/mbedtls_lib/ssl_tls.c:2467: ssl->f_send() returned 146 (-0xffffff6e)
…/mbedtls_lib/ssl_tls.c:2486: <= flush output
…/mbedtls_lib/ssl_tls.c:2885: <= write record
…/mbedtls_lib/ssl_cli.c:1064: <= write client hello
…/mbedtls_lib/ssl_cli.c:3321: client state: 2
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:1457: => parse server hello
…/mbedtls_lib/ssl_tls.c:3763: => read record
…/mbedtls_lib/ssl_tls.c:2234: => fetch input
…/mbedtls_lib/ssl_tls.c:2392: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:2416: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:6657: <= handshake
…/mbedtls_lib/ssl_tls.c:6647: => handshake
…/mbedtls_lib/ssl_cli.c:3321: client state: 2
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:1457: => parse server hello
…/mbedtls_lib/ssl_tls.c:3763: => read record
…/mbedtls_lib/ssl_tls.c:2234: => fetch input
…/mbedtls_lib/ssl_tls.c:2392: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:2416: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:6657: <= handshake
…/mbedtls_lib/ssl_tls.c:6647: => handshake
…/mbedtls_lib/ssl_cli.c:3321: client state: 2
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:1457: => parse server hello
…/mbedtls_lib/ssl_tls.c:3763: => read record
…/mbedtls_lib/ssl_tls.c:2234: => fetch input
…/mbedtls_lib/ssl_tls.c:2392: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:2416: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:6657: <= handshake
…/mbedtls_lib/ssl_tls.c:6647: => handshake
…/mbedtls_lib/ssl_cli.c:3321: client state: 2
…/mbedtls_lib/ssl_tls.c:2442: => flush output
…/mbedtls_lib/ssl_tls.c:2454: <= flush output
…/mbedtls_lib/ssl_cli.c:1457: => parse server hello
…/mbedtls_lib/ssl_tls.c:3763: => read record
…/mbedtls_lib/ssl_tls.c:2234: => fetch input
…/mbedtls_lib/ssl_tls.c:2392: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:2416: in_left: 0, nb_want: 5
…/mbedtls_lib/ssl_tls.c:2417: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
…/mbedtls_lib/ssl_tls.c:2429: <= fetch input
…/mbedtls_lib/ssl_tls.c:3522: input record: msgtype = 21, version = [3:3], msglen = 2
…/mbedtls_lib/ssl_tls.c:2234: => fetch input
…/mbedtls_lib/ssl_tls.c:2392: in_left: 5, nb_want: 7
…/mbedtls_lib/ssl_tls.c:2416: in_left: 5, nb_want: 7
…/mbedtls_lib/ssl_tls.c:2417: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
…/mbedtls_lib/ssl_tls.c:2429: <= fetch input
…/mbedtls_lib/ssl_tls.c:4095: got an alert message, type: [2:40]
…/mbedtls_lib/ssl_tls.c:4103: is a fatal alert message (msg 40)
…/mbedtls_lib/ssl_tls.c:3781: mbedtls_ssl_read_record_layer() returned -30592 (-0x7780)
…/mbedtls_lib/ssl_cli.c:1464: mbedtls_ssl_read_record() returned -30592 (-0x7780)
…/mbedtls_lib/ssl_tls.c:6657: <= handshake
HTTPS_TLS_CONNECT: mbedtls_ssl_handshake ERROR -0x7780

I can attach my Wireshark capture if that helps. Can someone please point me to the right direction as where the problem might be? I suspect my device might be running too slow which causes the server side to timeout. Any thoughts?

Thanks.

Fixed the problem by calling mbedtls_ssl_set_hostname() to set the SNI extension in the Client Hello message. Once this is done, I can successfully download from a Amazon S3 Bucket behind CloudFront.